Building secure Ajax websites
Ajax itself doesn't create any security risk, but the approaches in getting a website to be Ajaxified may open up security risks. The risks are common for all web applications.
Getting ready
We'll require a web browser with developer tools installed. Possible tools for this purpose are Firefox with Firebug.
How to do it...
Some common security threats either in Ajax or non-Ajax web-based applications are XSS, SQL injection, and session hijacking. We'll see how they can be prevented.
1. XSS
XSS or cross-site scripting attack capitalizes on the ability to add script to the website through user inputs or by some means of hacking the URL. Let's take the popular Twitter website that allows users to enter their bio details. Consider the following input for the Bio field:
<script>alert('XSS');</script>If Twitter engineers allowed HTML execution, or didn't sanitize entries before displaying them, it would prompt with an alert box with the text XSS. In a real-world...
